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1 This action is in response to the communication filed on 1/3 1/2007. 

2 DETAILED ACTION 

3 Continued Examination Under 3 7 CFR 1. 114 

4 A request for continued examination under 37 CFR 1.114, including the fee set forth in 



5 37 CFR 1 .17(e), was filed in this application after final rejection. Since this application is 

6 eligible for continued examination under 37 CFR 1. 1 14, and the fee set forth in 37 CFR 1. 17(e) 

7 has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 

8 37 CFR 1.114. Applicant's submission filed on 12/04/2006 has been entered. 
9 



1 0 Response to Arguments 

1 1 Applicants 5 arguments filed 12/4/2006 have been fully considered but they are moot in 

12 view of the new grounds of rejection. 

13 Furthermore, applicants' argue, with regards to the independent claims, primarily that 

14 Davis did not disclose "a communications pipe established between an HSM and a PSD that 

1 5 allows the HSM to communicate data or configuration changes to the PSD. The examiner points 



16 to Davis Fig. 1 ID, Steps 692 and 694, which generates data and sends the data to the payment 

17 server, which then sends the data to the client terminal, as seen in Fig. 1 1 A, Steps 614-616, 

18 which passes the data to the stored value card, as is seen in Fig. 1 IB, Step 618. These steps meet 

19 the limitation of the claim language and as such the examiner does not find the argument 

20 persuasive. 

21 Claims 1-31 have been examined. 
22 
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1 Claim Rejections - 35 USC §103 

2 Claims 1-2, 4, 8-16, 19-20, 24-28, and 31 are rejected under 35 U.S.C. 103(a) as being 

3 unpatentable over Davis et al. (US Patent Number 6, 105,008) hereinafter referred to as Davis, 

4 and further in view of Shrader et al. (Patent Application Publication 2002/0091922) hereinafter 

5 referred to as Shrader. 

6 Regarding claim 1, Davis disclosed a post issuance system for performing data or 

7 configuration changes within a personal security device (PSD) (Stored- Value Card See Davis 

8 Fig. 1), said system comprising: said PSD, including at least one functional application (See 

9 Davis Fig. 1 and Col. 1 Lines 45-49) and a PSD cryptographic component (See Davis Fig. 1 

10 Element 22), a local client functionally connected to said PSD (See Davis Fig. 4 Element 204), a 

1 1 first server functionally connected to said local client (See Davis Fig. 4 Element 206), said PSD 

12 and said first server comprising a first component for mutual authentication (See Davis Col. 13 

13 Line 47 - Col. 14 Line 13), at least one hardware security module (HSM), including an HSM 

14 cryptographic component complementary to said PSD cryptographic component, said at least 

15 one HSM being functionally connected to said first server (See Davis Fig. 4 Element 218 and 

16 Col. 14 Lines 14-38), a communications pipe, established between said PSD and said at least one 

17 HSM (See Davis Col. 13 Line 47 - Col. 14 Line 13), and at least one storage component that 

18 stores or generates said data or configuration changes, said at least one storage component being 

19 functionally connected to said first server (See Davis Fig. 1 ID), wherein: said at least one HSM 

20 comprises a controlling component that controls said data or configuration changes sent through 

21 said communications pipe to said PSD (See Davis Fig. 1 ID), but Davis failed to specifically 

22 disclose that the client and server comprised a first component for mutual authentication, or that 
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1 the client and server mutually authenticated each other prior to the HSM sending data through 

2 said communications pipe. 

3 Shrader teaches that in an Internet purchase system, SSL, which is well known in the art 

4 of computer security, should be used to provide secure communications between the client and 

5 the server by allowing mutual authentication, the use of digital signatures for integrity, and 

6 encryption for privacy (See Shrader Paragraphs 10-1 1). 

7 It would have been obvious to the ordinary person skilled in the art at the time of 

8 invention to employ the teachings of Shrader in the Internet purchase system of Davis by 

9 establishing a secure channel between the client and the server prior to transaction 

1 0 communications. This would have been obvious because the ordinary person skilled in the art 

1 1 would have been motivated to allow both the client and server to verify "what entities were 

12 involved in the transaction along the transmission", as well as to protect the transmitted data 

13 from illicit access. , 

14 Regarding claim 19, Davis disclosed a post issuance method for performing data or 

15 configuration changes within a personal security device (PSD) (Stored-Value Card See Davis 

16 Fig. 1), said method comprising: establishing a communications pipe between said PSD and at 

17 least one hardware security module (HSM) (See Davis Col. 13 Line 47 - Col. 14 Line 13), 

18 wherein said PSD is functionally connected to a local client (See Davis Fig. 4 Element 204) and 

19 said at least one HSM is functionally connected to a first server (See Davis Fig. 4 Element 218 

20 and Col. 14 Lines 14-38), mutually authenticating said PSD and said first server (See Davis Col. 

21 13 Line 47 - Col. 14 Line 13), selecting at least one functional application within said PSD 

22 associated with existing data or configurations (See Davis Fig. 1 and Col. 1 Lines 45-49), 
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1 generating or retrieving cryptographic key material from an HSM cryptographic component 

2 complementary to a cryptographic component included inside said PSD (See Davis Fig. 4 

3 Element 218 and Col. 14 Lines 14-38), retrieving said data or configuration changes, processing 

4 said data or configuration changes by said first server (See Davis Col. 13 Paragraph 3), 

» ... 

5 encrypting said processed data or configuration changes by said at least one HSM using said 

6 complementary HSM cryptographic component (See Davis Col. 15 Line 27 - Col. 16 Line 33 

7 and Fig. 1 ID), routing said encrypted processed data or configuration changes through said 

8 communications pipe into said PSD (See Davis Col. 13 Paragraphs 3-4), and decrypting and 

9 processing said processed data or configuration changes by said at least one functional 

10 application using said PSD cryptographic component (See Davis Col. 13 Paragraph 5), but Davis 

1 1 failed to. specifically disclose that the client and server comprised a first component for mutual 

12 authentication, or that the client and server mutually authenticated each other prior to the HSM 

13 sending data through said communications pipe. 

14 Shrader teaches that in an Internet purchase system, SSL, which is well known in the art 

15 of computer security, should be used to provide secure communications between the client, and 

1 6 the server by allowing mutual authentication, the use of digital signatures for integrity, and 

17 encryption for privacy (See Shrader Paragraphs 10-1 1). 

18 It would have been obvious to the ordinary person skilled in the art at the time of 

19 invention to employ the teachings of Shrader in the Internet purchase system of Davis by 

20 establishing a secure channel between the client and the server prior to transaction 

21 communications. This would have been obvious because the ordinary person skilled in the art 

22 would have been motivated to allow both the client and server to verify "what entities were 
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1 involved in the transaction along the transmission", as well as to protect the transmitted data 

2 from illicit access. 

3 Regarding claim 2, Davis and Shrader disclosed a network for the establishment of said 

4 communications pipe (See Davis Fig. 4). 

5 Regarding claims 4, and 20, Davis and Shrader disclosed at least one second server in 

6 processing communications with said first server, wherein said at least one second server 

. 7 includes or generates stored data or configuration changes retrievable using a PSD unique 

8 identifier (See Davis Fig. 4 Element 208, Col. 12 Paragraph 1 and Gol. 15 Paragraph 2). 

9 Regarding claim 8, Davis and Shrader disclosed a network for the establishment of said 

10 . communications pipe and for functionally connecting said at least one second server to said first 

1 1 server, and sending means for sending said retrieved data or configuration changes from said at 

12 least one second server over said network to said first server (See Davis Fig. 4 and Col. 12 

13 Paragraph 1 - Col. 13 Paragraph 3). 

14 Regarding claim 9, Davis and Shrader disclosed that said first server comprises first 

15 processing means for receiving and processing said data or configuration changes, and wherein 



16 said at least one HSM comprises second processing means for further processing said data or 

17 configuration changes (See Davis Col. 13 Paragraph 3 and Col. 15 Paragraph 3 - Col. 16 

18 Paragraph 2). 

19 Regarding claim 10, Davis and Shrader disclosed that said at least one HSM comprises 

20 generating means for generating at least one command executable by said at least one functional 

21 application (See Col. 15 Line 63 - Col. 16 Line 33). 
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1 Regarding claim 11, Davis and Shrader disclosed that said at least one HSM comprises 

2 encrypting means for encrypting at least one command executable by said at least one functional 

3 application or said data or configuration changes, forming at least one cryptogram (See Davis 

4 Col. 16 Lines 20-22). 

5 Regarding claim 12, Davis and Shrader disclosed sending means for sending said at least 

6 . one cryptogram through said communications pipe into said PSD for processing by said at least 

7 one functional application (See Davis Col. 16 Paragraph 2 and Col. 13 Lines 41-63). 

8 Regarding claim 13, Davis and Shrader disclosed that said at least one functional 

9 application comprises decrypting means for decrypting said cryptogram using said PSD 

10 cryptographic means, and executing means for executing said at least one command (See Davis 

11 Col. 13 Lines 52-63). 

12 Regarding claims 14-15 and 27-28, Davis and Shrader disclosed that the network is a 

13 public or private network (See Davis Col. 6 Line 65 - Col. 7 Line 3). 

14 Regarding claims 16 and 31, Davis and Shrader disclosed that said communications pipe 

15 is provided with a secure communications protocol (See Davis Col. 13 Lines 59-61 and Col. 20 

16 Paragraph 1). 

17 Regarding claim 24, Davis and Shrader disclosed using a unique identifier associated 

18 with said at least one functional application for generating or retrieving said HSM cryptographic 

19 key material (See Davis Col. 15 Line 63 - Col. 16 Paragraph 2). 

20 Regarding claim 25, Davis and Shrader disclosed using a unique identifier associated 

21 with said at least one functional application for retrieving said data or configuration changes (See 

22 Davis Col. 12 Paragraph 1). 
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1 Regarding claim 26, Davis and Shrader disclosed that at least one command or data 

2 executable by said at least one functional application is encrypted by said at least one HSM, 

3 routed through said communications pipe into said PSD, and processed by said at least one 

4 functional application (See Davis Col. 16 Paragraph 2). 

5 
6 

7 Claims 5, 6-7, 17-18, 21-23, and 29-30 are rejected under 35 U.S.C. 103(a) as being 

8 unpatentable over Davis and Shrader. 

9 Regarding claims 5 and 21, Davis and Shrader disclosed a first and second server 

10 communicating information (See Davis Fig. 4) but did not specifically disclose that they had the 

1 1 capability of being mutually authenticated. However, mutual authentication between two 

12 communicating network elements was well known in the art at the time of invention and 

13 therefore it would have been obvious to provide the two devices with the ability of mutual 

14 authentication. This would have been obvious because the ordinary person skilled in the art 

15 would have been motivated to protect against illicit access to the contents of the devices. 

16 Regarding claim 22, Davis and Shrader disclosed using a unique identifier associated 

17 with said at least one functional application for mutually authenticating said PSD and said first 

18 server (See Davis Col. 13 Line 47 - Col. 14 Line 39). 

19 Regarding claims 6-7, and 23, Davis and Shrader disclosed using a functional application 

20 (See Davis Col. 7 Lines 4-6), but did not specifically disclose that the application was identified 

21 by a unique identifier. However, it was well known at the time of invention that applications had 

22 unique names which were used to identify them. Therefore, it would have been obvious for the 

23 application of Davis would have had a unique identifier used to identify the application. 
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1 Regarding claims 17-18 and 29-30, Davis and Shrader disclosed encrypting the 

2 signatures in the communications (See Davis Col. 13 Lines 59-61), but failed to disclose the type 

3 of encryption used. However, both asymmetric and symmetric encryption were well known in 

4 the art at the time of invention and therefore it would have been obvious to the ordinary person 

5 skilled in the art at the time of invention to have used either. 

6 Claim 3 is rejected under 35 U.S.C. 103(a) as being unpatentable over Davis and Shrader 

7 as applied to claim 1 above, and further in view of DiGiorgio et al (US Patent Number 

8 6,385,729) hereinafter referred to as DiGiorgio. 

9 Davis disclosed sending commands to a smartcard from the security card (See Davis Col. 

10 14 Paragraph 3), but failed to disclose that the commands were APDU commands. 

1 1 DiGiorgio teaches that APDUs are a standardized way to used to send commands to 

12 token devices (See DiGiorgio Col. 9 Paragraph 1). 

13 It would have been obvious to the ordinary person skilled in the art at the time of 

14 invention to employ the teachings of DiGiorgio in the command system of Davis by sending the 

15 commands to the stored-value card using APDUs. This would have been obvious because the 

16 ordinary person skilled in the art would have been motivated to follow the standard way of 

17 sending commands to a token device. 

18 Conclusion 

19 Claims 1-3 1 have been rejected. 

20 The prior art made of record and not relied upon is considered pertinent to applicant's 

21 disclosure. 
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6 organization where this application or proceeding is assigned is 571-273-8300. 



8 Application Information Retrieval (PAIR) system. Status information for published applications 

9 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

10 applications is available through Private PAIR only. For more information about the PAIR 

1 1 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
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